A little more tips about SignTTest - xades4j

Could you please give me some more tips about the provider settings that need to be changed?
I can see this in PKCS11KeyStoreKeyingDataProvider.java :
public class PKCS11KeyStoreKeyingDataProvider extends KeyStoreKeyingDataProvider
{
/**
*
* @param nativeLibraryPath the path for the native library of the specific PKCS#11 provider
* @param providerName this string is concatenated with the prefix SunPKCS11- to produce this provider instance's name
* @param certificateSelector the selector of signing certificate
* @param keyStorePasswordProvider the provider of the keystore loading password (may be {@code null})
* @param entryPasswordProvider the provider of entry passwords (may be {@code null})
* @param returnFullChain indicates if the full certificate chain should be returned, if available
* @throws KeyStoreException
*/
public PKCS11KeyStoreKeyingDataProvider(
final String nativeLibraryPath,
final String providerName,
SigningCertSelector certificateSelector,
KeyStorePasswordProvider keyStorePasswordProvider,
KeyEntryPasswordProvider entryPasswordProvider,
boolean returnFullChain) throws KeyStoreException
{
and in my SignerTTest.java:
PKCS11KeyStoreKeyingDataProvider ptccKeyingDataProv = new PKCS11KeyStoreKeyingDataProvider
("D:\\pteidpkcs11.dll",
"pteidpkcs11",
new FirstCertificateSelector(), null, null, false);
But I don't understand. Normally I download the appropriate .DLL, so here the library pteidpkcs11.dll is located in D: (so in Java I put "\\": "D:\\pteidpkcs11.dll").
After that I put the name of the .dll, so here pteidpkcs11, as an argument.
Then "new FirstCertificateSelector()" is to select the first certificate in the list of the keystore, isn't it?
The first null is for the password of the keystore provider, isn't it?
The second null is for the password of the certificate, isn't it?
And the returnFullChain, what is its role exactly?
And I would like to have information about how to configure the provider, because it is unclear to me for the moment from my searching.
Thanks,
William.

new FirstCertificateSelector() is to select the first certificate of the list of the keystore, isn't it?
Yes. You can pass in any other implementation of the SigningCertSelector interface.
The first null is for the password of the keystore provider, isn't it?
The second null is for the password of the certificate, isn't it?
Yes. It's null because that specific PKCS#11 provider handles protection of the key store's entries (it's a smart card with a PIN).
And the returnFullChain, what is its role exactly?
An entry in the keystore may contain a key and the associated certificate with the full certificate chain. This parameter controls if the getSigningCertificateChain method returns the full chain or only the leaf certificate.
The appropriate configuration and DLL will depend on which PKCS11 provider you're using. In that test I was using a Portuguese citizen card and a smart card reader. Note that PKCS11KeyStoreKeyingDataProvider is just an adapter for a Java key store based on Sun's PKCS11 provider.
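To make the "adapter for a Java key store" remark concrete, here is an added example (not xades4j code, and not the answerer's test) that does by hand what the provider's constructor arguments stand for: it configures the JDK's own SunPKCS11 provider from a module path, loads the token as a PKCS11 KeyStore with a null PIN (the module handles PIN entry, as the answer says for the citizen card), picks the first alias that holds a private key (what FirstCertificateSelector does), and returns either the leaf certificate or the whole chain depending on a returnFullChain flag. The provider name "pteidpkcs11" comes from the question; the DLL path is a placeholder, and the code assumes Java 9 or later for Provider.configure.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/*
 * Added example: the JDK-level equivalent of PKCS11KeyStoreKeyingDataProvider.
 * Requires a PKCS#11 module on disk; the path used in main() is a placeholder.
 */
public class Pkcs11KeyStoreDemo {

    /** Builds a SunPKCS11 instance named "SunPKCS11-" + name from an inline config
     *  (the "--" prefix tells Provider.configure that the argument is config text, not a file). */
    static Provider configureProvider(String name, String nativeLibraryPath) {
        String config = "--name = " + name + "\nlibrary = " + nativeLibraryPath + "\n";
        Provider configured = Security.getProvider("SunPKCS11").configure(config);
        Security.addProvider(configured);
        return configured;
    }

    /** Opens the token as a KeyStore. pin may be null when the module itself collects the PIN
     *  (PIN pad reader or module-provided dialog), which is why the test passes null password providers. */
    static KeyStore loadTokenKeyStore(Provider p, char[] pin) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        return ks;
    }

    /** Same selection rule as FirstCertificateSelector: first alias that has a private key. */
    static String firstSigningAlias(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return alias;
            }
        }
        throw new IllegalStateException("no key entry found on the token");
    }

    /** What returnFullChain controls: the chain stored with the entry, or only its leaf. */
    static X509Certificate[] signingChain(KeyStore ks, String alias, boolean returnFullChain) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("entry " + alias + " has no certificate");
        }
        int n = returnFullChain ? chain.length : 1;
        X509Certificate[] out = new X509Certificate[n];
        for (int i = 0; i < n; i++) {
            out[i] = (X509Certificate) chain[i];
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder module path; forward slashes avoid backslash escaping in the config text.
        Provider p = configureProvider("pteidpkcs11", "C:/path/to/pteidpkcs11.dll");
        KeyStore ks = loadTokenKeyStore(p, null);
        String alias = firstSigningAlias(ks);
        // The key stays on the card; this is a handle usable with Signature, not exportable material.
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        for (X509Certificate c : signingChain(ks, alias, true)) {
            System.out.println(c.getSubjectX500Principal());
        }
        System.out.println(key.getAlgorithm() + " key from provider " + p.getName());
    }
}
```

If the module refuses a null PIN (not every PKCS#11 library has a protected authentication path), pass the PIN as the char[] argument instead; that is the case the constructor's KeyStorePasswordProvider exists for.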

Related

IntelliSense support for COM interfaces contained in a type library

Is there a way get normal IntelliSense functionality in PhpStorm for types contained in a COM type library?
In FoxPro I get full IntelliSense as soon as a variable is declared as a COM interface (it pulls the info from the registry); in Delphi and Visual Studio I can have the IDE create some import artifacts for the type libraries (import unit, interop assembly) to make IntelliSense work. However, so far I couldn't find a way to make IntelliSense work with type libraries in PhpStorm.
All mentions of COM type libraries that I found referred only to PHP's ability to load constants (com_load_typelib()), but I want method and parameter info. I wouldn't mind generating files for PhpStorm from my type libraries or even hand-crafting some definitions for the COM interfaces that I use most often. However, I really need normal IntelliSense for the COM interfaces to keep from going crazy.
Is there a way to peel this cat?
As suggested by LazyOne, the manual approach can be as simple as writing a stub declaration and dumping the php file somewhere in the project tree or search path (like an apposite stubs directory):
<?php
/** allows observing the server lock/object counts and unloadability state of a COM module that uses the
* Zrbj.COM.ComServerLocking infrastructure
* @property-read int $Revision revision of the observer module implementation
* @property-read string $ServerDLL executable which houses the code for this observer object
*/
interface ISrvDllObserver
{
/** server lock count information (ICounterInfo) for this object's own server module */
public function GetCountsForOwnModule (): ICounterInfo;
/** server lock count information (ICounterInfo) for a loaded COM module that uses Zrbj.COM.ComServerLocking.
* @param string $module_name basename without file extension is sufficient unless there are multiple loaded
* modules with the same basename; use path and/or file extension to disambiguate
*/
public function GetCountsForLoadedModule (string $module_name): ICounterInfo;
}
From that point on IntelliSense works perfectly.
The manual process may give perfect results, but it is exceedingly laborious. I remembered a scriptable object for processing type libraries that shipped with FoxPro and earlier versions of Visual Studio, tlbinf32.dll (+ tlbinf32.chm). The ProgID to start with is TLI.TLIApplication.
The only extant reference to this tool that I could find at microsoft.com is this old article:
Visual Basic: Inspect COM Components Using the TypeLib Information Object Library
The tool still ships with Visual Studio, but it is now called vstlbinf.dll and no longer documented. vstlbinf.dll still refers to the old tlbinf32.chm as its help file but that doesn't get shipped anymore. The old documentation is still useful for understanding the object model, even though it refers to a version that is two decades older. (Note: it may be necessary to register the DLL manually.)
So I took Delphi and set about taming TLI.TLIApplication. It turned out not to be a whole lot easier than working with ITypeLib, ITypeInfo etc. directly, but the advantage is that TLI.TLIApplication can be used from any scripting language, including PHP itself.
Here's a sample of the information that can be ripped from a COM type library for use in a PHP stub:
<?php
// 'k:\VS2019\Community\Common7\IDE\vstlbinf.dll' (2021-04-21 10:05:35)
// processed 2021-05-02 22:39:10 by Zrbj.COM.PhpStubs.pas rev. 2021-05-02
//
// Library: TLI
// Version: 1.0
// LIBID : {8B217740-717D-11CE-AB5B-D41203C10000}
// Comment: TypeLib Information
// 32 interface(s) and 3 coclass(es)
//
// coclasses:
// * {8B217752-717D-11CE-AB5B-D41203C10000} -> _SearchHelper (ProgID TLI.SearchHelper)
// 'Helper object for GetMembersWithSubString and multiple TypeLibs'
// * {8B217746-717D-11CE-AB5B-D41203C10000} -> _TypeLibInfo (ProgID TLI.TypeLibInfo)
// 'TypeLib information'
// * {8B21775E-717D-11CE-AB5B-D41203C10000} -> _TLIApplication (ProgID TLI.TLIApplication)
// 'TLIApplication object'
/// {8B21774B-717D-11CE-AB5B-D41203C10000} dual nonextensible dispatchable
/** VarType information for parameters and return types
* @property-read TypeInfo $TypeInfo Type information for VT_PTR VarType
* @property-read int $TypeInfoNumber TypeInfo number for 0 VarType (Cheaper than TypeInfo property)
* @property-read variant $TypedVariant Get a variant with this VarType
* @property-read bool $IsExternalType Is TypeInfo external to this library
* @property-read TypeLibInfo $TypeLibInfoExternal External typelib. Same as TypeInfo.Parent.
* @property-read int $PointerLevel Dereferencing level of type
* @property-read int $VarType VarType of Parameter
* @property-read int $ElementPointerLevel Dereferencing level for type of an array element
*/
interface VarTypeInfo
{
/** Get bounds for VT_VECTOR array. LBound in column 1, UBound in column 2. */
public function ArrayBounds (int $Bounds): int;
}
/// {8B217749-717D-11CE-AB5B-D41203C10000} dual nonextensible dispatchable
/** Parameter Information
* @property-read string $Name Name of the object
* @property-read bool $Optional Optional Parameter
* @property-read VarTypeInfo $VarTypeInfo VarTypeInfo object for this parameter
* @property-read bool $Default Default Parameter
* @property-read variant $DefaultValue Default value
* @property-read bool $HasCustomData Check if custom data is available
* @property-read CustomDataCollection $CustomDataCollection Custom data GUIDs and Values
* @property-read int $Flags Parameter Flags
*/
interface ParameterInfo
{
}
...
Conspicuously absent are parameter comments, because there is no such thing in Microsoft IDL or type libraries. But on the whole the result of processing type libraries into PHP stubs seems quite satisfactory, and it certainly makes working with COM objects in PHP a lot easier.

Resource in Users.Undelete in AdminDirectory API (Google-Apps-Script)

AdminDirectory.Users.undelete(resource, userKey)
UserKey is the UserID/UserKey. Not sure what is the resource here.
Answer:
The only parameter required by Directory API: Users: undelete is orgUnitPath.
More Information:
As per the documentation:
In the request body, supply data with the following structure:
{
"orgUnitPath": string
}
Where the orgUnitPath is the path to the Organizational unit you wish to restore the user to. You can get a list of your Organizational units from the Orgunits: list method of the same API.
The orgUnitPath parameter needs to be preceded with a /, as per the resource representation documentation on Orgunits:
orgUnitPath: The full path to the organizational unit. The orgUnitPath is a derived property. When listed, it is derived from parentOrgunitPath and organizational unit's name. For example, for an organizational unit named 'apps' under parent organization '/engineering', the orgUnitPath is '/engineering/apps'. In order to edit an orgUnitPath, either update the name of the organization or the parentOrgunitPath.
So as for this example, you would need to provide the following resource:
{
"orgUnitPath": "/engineering/apps"
}
Something to remember:
When undeleting a user, unlike the delete method, you can not specify their email address in the userKey field to restore them. This is mentioned in the undelete documentation:
userKey: Identifies the user in the API request. The value must be the user's unique user ID.
Code Example:
function undeleteUser() {
AdminDirectory.Users.undelete(
{
orgUnitPath: '/My-Org-Unit-Path'
},
'21-character-unique-user-id'
);
}
The unique user ID can be obtained from a Users: list request.
References:
Directory API - Users: undelete
Orgunits - Resource Representation
Directory API - Users: list

Decrypting Chrome's cookies on windows

I wrote a program that uses Chrome's login cookies to do something automatically, but since Chrome started encrypting all the cookies in January, my program doesn't work anymore.
I'm trying to decrypt the cookies, and succeeded in Java on Mac OS by following this topic, but my usual running environment is Windows 7, so I have to decrypt them on Windows.
I found os_crypt_win.cc in Chromium's source code; it has an encrypt part:
bool OSCrypt::EncryptString(const std::string& plaintext, std::string* ciphertext) {
DATA_BLOB input;
input.pbData = const_cast<BYTE*>(reinterpret_cast<const BYTE*>(plaintext.data()));
input.cbData = static_cast<DWORD>(plaintext.length());
DATA_BLOB output;
BOOL result = CryptProtectData(&input, L"", NULL, NULL, NULL, 0, &output);
if (!result)
return false;
// this does a copy
ciphertext->assign(reinterpret_cast<std::string::value_type*>(output.pbData), output.cbData);
LocalFree(output.pbData);
return true;
}
I imitated this part in Java with JNA:
String encrypted = bytesToHex(Crypt32Util.cryptProtectData(Native.toByteArray(plaintext), 0));
or
String encrypted = bytesToHex(Crypt32Util.cryptProtectData(plaintext.getBytes()));
or
String encrypted = bytesToHex(Crypt32Util.cryptProtectData(plaintext.getBytes("UTF-8")));
or
String encrypted = bytesToHex(Crypt32Util.cryptProtectData(plaintext.getBytes("UTF-16")));
But I got wrong encrypted values, different from the values stored in Chrome.
Did I use a wrong method to encrypt this, or did I miss something important?
Can you help me figure this out?
You used the correct method to encrypt the values.
How are the values "wrong"? If they are just different from the ones stored in Chrome, that is not a problem.
The reason for that is very simple:
From MSDN:
"The function creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted."
From an MSDN blog:
"A random session key is created for each call to CryptProtectData. This key is derived from the master key, some random data, and some optional entropy passed in by the user. The session key is then used to do the actual encryption."
The important thing you should check is whether you are able to decrypt the values using CryptUnprotectData.
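The answer's point, that DPAPI ciphertext is randomized and a value comparison proves nothing, is easy to see with a round-trip check. The following is an added example (not the asker's program and not Chromium code) using the same JNA class the question already relies on, Crypt32Util from jna-platform; it runs on Windows under the user account that did the protecting, since DPAPI binds the master key to that profile. The sample plaintext is constructed.

```java
import com.sun.jna.platform.win32.Crypt32Util;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/*
 * Added example: demonstrates that two CryptProtectData calls on the same input
 * produce different blobs, while both decrypt back to the original bytes.
 * Requires jna and jna-platform on the classpath, and Windows.
 */
public class DpapiRoundTrip {

    /** Protect the same bytes twice; DPAPI draws a fresh session key per call, so the blobs differ. */
    static boolean ciphertextsDiffer(byte[] plaintext) {
        byte[] first = Crypt32Util.cryptProtectData(plaintext);
        byte[] second = Crypt32Util.cryptProtectData(plaintext);
        return !Arrays.equals(first, second);
    }

    /** The check that actually matters: protect, unprotect, and compare the bytes that come back. */
    static boolean roundTrips(byte[] plaintext) {
        byte[] blob = Crypt32Util.cryptProtectData(plaintext);
        byte[] recovered = Crypt32Util.cryptUnprotectData(blob);
        return Arrays.equals(plaintext, recovered);
    }

    /** Hex rendering, comparable to the bytesToHex helper the question mentions. */
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input; the encoding chosen here is what comes back on decrypt.
        byte[] sample = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        System.out.println("blob 1: " + hex(Crypt32Util.cryptProtectData(sample)));
        System.out.println("blob 2: " + hex(Crypt32Util.cryptProtectData(sample)));
        System.out.println("ciphertexts differ: " + ciphertextsDiffer(sample));
        System.out.println("round trip ok:      " + roundTrips(sample));
    }
}
```

Because the bytes you pass in are exactly the bytes you get back, the UTF-8 versus UTF-16 question in the post is settled by the decrypt side, not by comparing hex strings: whatever encoding produced the stored blob is the encoding you must decode the unprotected bytes with.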

How to change Subject property of Certificate Signing Request programmatically?

I am implementing Windows MDM. In this, the device sends a CSR, which is a PKCS#10 certificate request.
When I go to http://certlogik.com/decoder and decode this CSR, I get the Subject as
"CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\00"
We want to remove this "\00" from the subject property. Because of this we are not able to install the company hub app during enrolment.
I want to change this subject to any value such as "CN=myMDM". How can I change the Subject property of the CSR?
It is permissible to have a certificate subject differ from the subject of the PKCS#10 (i.e. CSR). See the -subj option to OpenSSL's 'req' command.
For reasons behind this ability, consider this; Your CSR is signed by your private key. The signature is used to verify that the contents of the CSR have not been modified (this includes the subject). Your public key is included in the CSR. A CA creates your cert and uses whatever parts of the CSR subject it sees fit. The cert, along with the CA-specified subject and the public key from your CSR is signed by the private key of the CA. This signature is used to verify that the contents of your cert have not been modified (this includes the CA-specified subject).
You cannot change it once you have the certificate request, as CSRs should be signed with your private key, and the signing definitely includes the subject line.
So if you change anything you need to resign, which requires you to parse the CSR. So basically you should rebuild your CSR and simply strip off the character with value 00 (null terminator character) when you supply your common name (CN).
You are left with the following options:
correctly generate the CSR, as explained above,
change the CSR, removing the zero valued byte and recalculating all the lengths, and skip verification,
create a special certificate creator that puts the correct subject like out of the CSR after verifying or skipping the signature verification of the CSR;
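The two answers above both rest on one fact: the CSR signature covers the subject, so the only clean fix is to regenerate with a clean common name, and any in-place edit of the subject bytes invalidates the signature. The following added example (not from either answer, and not MDM client code) shows both halves with Bouncy Castle's bcpkix, which is an assumed dependency: it strips the embedded NUL before building the subject, builds and verifies a CSR, then patches one byte of the subject in the encoded CSR without re-signing and shows that verification fails. The key pair and the "myMDM" name are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/*
 * Added example: correct CSR generation with a cleaned CN, plus a demonstration
 * that editing the subject after signing breaks the PKCS#10 signature.
 * Assumes bcprov and bcpkix on the classpath.
 */
public class CsrSubjectDemo {

    /** The fix belongs at generation time: drop the NUL before the name enters the CSR. */
    static String cleanCommonName(String cn) {
        return cn.replace("\u0000", "");
    }

    /** Build a PKCS#10 request whose subject is CN=<cleaned name>, signed with the device key. */
    static PKCS10CertificationRequest buildCsr(String commonName, KeyPair kp) throws Exception {
        X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.CN, cleanCommonName(commonName))
                .build();
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic()).build(signer);
    }

    /** Verify the self-signature with the public key carried inside the request. */
    static boolean signatureValid(PKCS10CertificationRequest csr) throws Exception {
        return csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo()));
    }

    /** Change one byte of the CN inside the DER (same length, so the structure still parses). */
    static PKCS10CertificationRequest editSubjectWithoutResigning(PKCS10CertificationRequest csr,
                                                                  String cn) throws Exception {
        byte[] der = csr.getEncoded();
        int at = indexOf(der, cn.getBytes(StandardCharsets.UTF_8));
        if (at < 0) {
            throw new IllegalStateException("CN bytes not found in encoded request");
        }
        der[at] ^= 0x01;
        return new PKCS10CertificationRequest(der);
    }

    static int indexOf(byte[] haystack, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= haystack.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (haystack[i + j] != needle[j]) {
                    continue outer;
                }
            }
            return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Constructed name with the trailing NUL the question describes.
        PKCS10CertificationRequest csr = buildCsr("myMDM\u0000", kp);
        System.out.println(csr.getSubject() + " signature valid: " + signatureValid(csr));

        PKCS10CertificationRequest edited = editSubjectWithoutResigning(csr, "myMDM");
        System.out.println(edited.getSubject() + " signature valid: " + signatureValid(edited));
    }
}
```

The subject is searched for before the public key in the DER because CertificationRequestInfo encodes version, subject, then subjectPKInfo, so the first match is the subject. A CA that accepted the edited request would have to skip exactly this verification, which is the third option listed above and the reason it is the least attractive one.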

php storm customize docblock

Is there a way to customize php storm's way of generating the docblocks ?
By default, I would like to have unknown type vars considered as strings.
This is the default way of generating docblock
(using php storm 4.01)
/**
* @param $name
*/
private function test($name){
}
And I would like this instead if possible :
/**
* @param string $name
*/
private function test($name){
}
No, you cannot provide a default type for the generated @param.
PhpStorm provides correct type whenever it is possible to detect from function declaration. In your example it is not possible (it can be anything).
And I personally do not see a real reason why it needs to be a string (or any other type) by default. Unknown/missing type tells me that I need to finish editing this PHPDoc block so it reflects the actual/correct parameter type. With default type entered already such check is not possible (what if the type should be some class (e.g. Person) or array instead?)
P.S.
Kind of related (at least to the actual subject):
This is the Feature Request ticket for Editable PHPDoc Template (that can define what @tags and in what order should be used): http://youtrack.jetbrains.com/issue/WI-11111